﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

namespace Tools.Base
{
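    public class RegexTools
    {
        // Alternation of the SQL keywords and command fragments this filter rejects.
        // These are matched as whole words, case-insensitively.
        private const string SqlKeywordPattern = @"format|and|or|exec|execute|insert|select|delete|update|replace|alter|create|drop|count|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators";

        // Compiled once and shared; Regex instances are safe for concurrent matching.
        // '*' is kept outside the \b(...)\b group: '*' is not a word character, so inside
        // the group it only matched when it had word characters on both sides ("a*b"),
        // and a standalone '*' was never detected.
        private static readonly Regex SqlKeywordRegex =
            new Regex(@"\b(" + SqlKeywordPattern + @")\b|\*", RegexOptions.IgnoreCase);

        /// <summary>
        /// Checks whether a string is free of the SQL keywords and command fragments
        /// on this class's blacklist.
        /// </summary>
        /// <remarks>
        /// The return value is inverted relative to "was something detected":
        /// <c>true</c> means nothing on the blacklist was found.
        /// The list contains ordinary English words such as "and", "or", "format" and
        /// "count", so legitimate text is rejected as well. A keyword blacklist is a
        /// coarse input filter only; queries built from this input should still be
        /// parameterized rather than relying on this check.
        /// </remarks>
        /// <param name="inputString">The text to inspect. May be null or empty.</param>
        /// <returns>
        /// <c>true</c> if the input is null, empty, or contains no blacklisted token;
        /// <c>false</c> if a blacklisted token is found or the match itself fails.
        /// </returns>
        public static bool ProcessSqlStr(string inputString)
        {
            // Nothing to inspect: treated as acceptable, as before.
            if (string.IsNullOrEmpty(inputString))
            {
                return true;
            }

            try
            {
                return !SqlKeywordRegex.IsMatch(inputString);
            }
            catch
            {
                // Fail closed: if the input cannot be evaluated, reject it.
                return false;
            }
        }
    }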
}
